Bug 1846836

Summary: the CVE-2020-9484 affect jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7 image
Product: [JBoss] JBoss Enterprise Application Platform 5 Reporter: yaoli
Component: jbossasAssignee: Fernando Nasser <fnasser>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5.3.0CC: aos-bugs, eparis, jialiu, jokerman, nstielau, pdhamdhe, wsun, xtian, xxia
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-28 01:17:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description yaoli 2020-06-15 03:04:47 UTC 
Description of problem:
Hello

The CVE affect the Red Hat OpenShift Application Runtimes tomcat

https://access.redhat.com/security/cve/cve-2020-9484

Now the RHSA aleardy release

https://access.redhat.com/errata/RHSA-2020:2530

Our customer want to know when the  jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7 image release date

https://catalog.redhat.com/software/containers/jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7/5e668a2cd70cc54b02c64007?container-tabs=security

Version-Release number of selected component (if applicable):
3.11 

Thanks
Comment 5 yaoli 2020-06-28 01:17:03 UTC 
The latest image has been fix the CVE

https://access.redhat.com/errata/RHBA-2020:2678

https://catalog.redhat.com/software/containers/jboss-webserver-5/webserver53-openjdk8-tomcat9-openshift-rhel7/5e668a2cd70cc54b02c64007?container-tabs=security

Thanks